Part 3: Would you have been fooled? The most sophisticated scams for obtaining company data.

Pic Source: Nordwood Themes via Unsplash

How much do you trust your online date? It’s common knowledge that you shouldn’t reveal too much information when meeting people on the Internet. However, when it comes to one’s career or love, even prudent people forget all the basic rules of cybersecurity. Criminals exploit vanity and loneliness to obtain corporate data.

1. The fake warning from the Federal Office for Information Security.

If anyone knows IT security, it’s the Federal Office for Information Security (BSI) – after all, it’s Germany’s top federal cybersecurity agency. It is considered a valuable source of knowledge and provides advice and support to companies. It also issues alerts when cybercriminals launch new waves of attacks. At the beginning of the year, emails circulated calling on people to perform security updates. Alleged sender: the BSI. Included: a link from which the recipient could download the update. However, the download on the fake website contained malware. A nasty trick by cybercriminals. The BSI finally issued a warning itself, recommending that recipients ignore the message.

Our tip: Check the email address carefully, even from trustworthy senders. If you have any doubts, do not open any attachment and do not click on included links. Get more information from other channels, such as the organization’s official website or customer service.
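The address check from this tip can also be run mechanically on mail that claims to come from a known organization. The following Python is an added example, not part of the original post; the official domain `bsi.bund.de`, the sample message and the lookalike domain `bsi-bund.example` are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organization's official domain, taken from its own website.
OFFICIAL_DOMAIN = "bsi.bund.de"

# Constructed sample message; the lookalike domain is invented for illustration.
SAMPLE = """\
From: "Bundesamt fuer Sicherheit in der Informationstechnik" <meldung@bsi-bund.example>
To: employee@company.example
Subject: Critical security update required

Please install the update: https://update.bsi-bund.example/patch.zip
"""

def is_official(host, official=OFFICIAL_DOMAIN):
    """True only for the official domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def check_message(raw, official=OFFICIAL_DOMAIN):
    """Return findings for a plain-text mail that claims to come from `official`."""
    msg = message_from_string(raw)
    findings = []
    # The display name is free text; only the address part carries the domain.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_official(sender_domain, official):
        findings.append(f"sender domain {sender_domain!r} is not {official}")
    # Every link in the body must also point at the official domain.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not is_official(host, official):
            findings.append(f"link points to {host!r}, not {official}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("SUSPICIOUS:", finding)
```

An empty result is not proof of authenticity, because the From header itself can be forged; that is why confirming through another channel remains part of the tip.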

2. The curious headhunter

You get contacted through Xing: Great resume and unique profile. The interested recruiter writes that the company could use someone like you. Who doesn’t like to hear such compliments? A phone call is arranged in which you get to know each other better. Your counterpart inquires about your current position. The person asks for more and more detailed information about internal processes and resources. The headhunter scam via social networks is a popular trick to get information.

Our tip: Be careful about what you reveal to the outside world about your current company. A recruiter usually inquires about your job responsibilities. However, he should understand if you don’t reveal details or internals – such as internal operating procedures, access rights or software used in your company.

3. The digital rendezvous without a happy ending

Online dating spying works much like the headhunter scam: a person with an attractive profile photo contacts the victim on social networks. Flirting takes place, people spend entire nights writing to each other, and trust is built up. Once the first step has been taken, there are two popular approaches: either the target is directly questioned about their company or asked to download a flirting app that acts as a Trojan horse and is infected with a spy program. This approach gained notoriety when it was reported earlier this year that Hamas spied on Israeli soldiers with the help of such an app.

Our tip: Become suspicious if anonymous flirts on the Internet ask you extensively about your company. Your profession is certainly an interesting topic of conversation, but you should keep company internals and similar details to yourself. Are you asked to download an app or other programs or files? It’s best to generally refrain from clicking on links from strangers. There are always alternatives: you can fall back on commonly used means of communication – your online date will surely understand.